
148 matches found

Snyk
added 2026/05/07 10:31 p.m. | 4 views

Cross-site Scripting (XSS)

Overview: netbox-data-flows is a NetBox plugin to document data flows between systems and applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the ObjectAlias.name field rendered in DataFlow tables. An attacker can execute arbitrary JavaScript in the brows...

CVSS 8.7 | AI score 5.8
Exploits: 0 | References: 2
Github Security Blog
added 2026/05/07 10:31 p.m. | 5 views

netbox-data-flows has stored XSS in ObjectAlias names rendered inside DataFlow tables

Summary: An authenticated user who can create or edit ObjectAlias objects can store arbitrary HTML/JavaScript in an alias name. That payload is later rendered unescaped in DataFlow table views, causing a stored XSS when another user views the affected page. Details: The issue is caused by unsafe HT...

AI score 5.9
Exploits: 0 | References: 2 | Affected Software: 1
Packet Storm News
added 2026/05/04 12:0 a.m. | 6 views

Autonomous LLM Agent Worms: Cross-Platform Propagation, Automated Discovery and Temporal Re-Entry Defense

Autonomous LLM agents operate as long-running processes with persistent workspaces, memory files, scheduled task state, and messaging integrations. These features create a new propagation risk: attacker-influenced content can be written into persistent agent state, re-enter the LLM decision conte...

AI score 5.8
Exploits: 0
Vulnrichment
added 2026/05/02 6:15 a.m. | 3 views

CVE-2026-7605 JeecgBoot uploadImgByHttpEndpoint CommonController.java HttpFileToMultipartFileUtil.downloadImageData server-side request forgery

A security flaw has been discovered in JeecgBoot up to 3.9.1. This vulnerability affects the function CommonController.uploadImgByHttp/HttpFileToMultipartFileUtil.httpFileToMultipartFile/HttpFileToMultipartFileUtil.downloadImageData of the file CommonController.java of the component...

CVSS 6.5 | AI score 6.3 | EPSS 0.00055
Exploits: 0 | References: 6
Packet Storm News
added 2026/05/01 12:0 a.m. | 1 view

KingsGuard: Enclave Data Protection under Real-World TEE Vulnerabilities

Trusted Execution Environments (TEEs) have emerged as a cornerstone for securing sensitive computations by providing isolated enclaves protected from untrusted software. However, their security guarantees are undermined by vulnerabilities in both the enclave code and the underlying hardware design,...

AI score 5.9
Exploits: 0
Packet Storm News
added 2026/04/21 12:0 a.m. | 4 views

An AI Agent Execution Environment to Safeguard User Data

AI agents promise to serve as general-purpose personal assistants for their users, which requires them to have access to private user data (e.g., personal and financial information). This poses a serious risk to security and privacy. Adversaries may attack the AI model e.g., via prompt injection to...

AI score 5.9
Exploits: 0
Xen Project
added 2026/04/17 5:2 p.m. | 2 views

x86: Floating Point Divider State Sampling

ISSUE DESCRIPTION: Researchers from the CISPA Helmholtz Center for Information Security have discovered Floating Point Divider State Sampling. It is detailed in a paper titled "TREVEX: A Black-Box Detection Framework For Data-Flow Transient Execution Vulnerabilities". For more information, see:...

CVSS 2 | AI score 5.7 | EPSS 0.00013
Exploits: 0
GithubExploit
added 2026/04/12 2:23 p.m. | 125 views

BayreuthWing

A transformer-based deep learning system for detecting securit...

CVSS 10 | AI score 7.2 | EPSS 0.94358
Exploits: 341
GithubExploit
added 2026/03/31 11:18 a.m. | 101 views

Agentic-Security-Code-Review

🔍 Agentic Security Code Review !Claude Codehttps://img.sh...

AI score 6.2
Exploits: 0
Tenable Nessus
added 2026/03/18 12:0 a.m. | 3 views

IBM InfoSphere Information Server Information Disclosure Vulnerability (7009205)

The version of IBM InfoSphere Information Server installed on the remote host is 11.7.x prior to or equal to 11.7.1.4. It is, therefore, potentially affected by an information disclosure vulnerability: - IBM InfoSphere Information Server could allow an authenticated user to obtain sensitive...

CVSS 6.5 | AI score 6.6 | EPSS 0.00089
Exploits: 0 | References: 2
Packet Storm News
added 2026/01/07 12:0 a.m. | 3 views

AutoVulnPHP: LLM-Powered Two-Stage PHP Vulnerability Detection and Automated Localization

PHP's dominance in web development is undermined by security challenges: static analysis lacks semantic depth, causing high false positives; dynamic analysis is computationally expensive; and automated vulnerability localization suffers from coarse granularity and imprecise context. Additionally,...

AI score 7.2
Exploits: 0
Packet Storm News
added 2025/12/18 12:0 a.m. | 6 views

A Systematic Study of Code Obfuscation against LLM-Based Vulnerability Detection

As large language models (LLMs) are increasingly adopted for code vulnerability detection, their reliability and robustness across diverse vulnerability types have become a pressing concern. In traditional adversarial settings, code obfuscation has long been used as a general strategy to bypass...

AI score 7.2
Exploits: 0
Packet Storm News
added 2025/12/13 12:0 a.m. | 3 views

Taint-Based Code Slicing for LLMs-Based Malicious NPM Package Detection

The increasing sophistication of malware attacks in the npm ecosystem, characterized by obfuscation and complex logic, necessitates advanced detection methods. Recently, researchers have turned their attention from traditional detection approaches to Large Language Models (LLMs) due to their strong...

AI score 7
Exploits: 0
Packet Storm News
added 2025/11/28 12:0 a.m. | 2 views

GAPS: Guiding Dynamic Android Analysis with Static Path Synthesis

Dynamically resolving method reachability in Android applications remains a critical and largely unsolved problem. Despite notable advancements in GUI testing and static call graph construction, current tools are insufficient for reliably driving execution toward specific target methods, especial...

AI score 7.2
Exploits: 0
Packet Storm News
added 2025/10/11 12:0 a.m. | 2 views

Bridging Semantics and Structure for Software Vulnerability Detection Using Hybrid Network Models

Software vulnerabilities remain a persistent risk, yet static and dynamic analyses often overlook structural dependencies that shape insecure behaviors. Viewing programs as heterogeneous graphs, we capture control- and data-flow relations as complex interaction networks. Our hybrid framework...

AI score 6.9
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-26595

Malware in sbrugna...

CVSS 7.2 | AI score 5.9 | EPSS 0.01047
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2011-4623

Malware in sbrugna...

CVSS 5.8 | AI score 6.4 | EPSS 0.00243
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2021-1935

Malware in sbrugna...

CVSS 7.2 | AI score 6.9 | EPSS 0.0055
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-19525

Malware in sbrugna...

CVSS 5.3 | AI score 5.6 | EPSS 0.00305
Exploits: 0 | References: 2
Tenable Nessus
added 2025/10/07 12:0 a.m. | 4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414629)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414629 advisory. Guest can force Linux netback driver to hog large amounts of kernel memory This CNA information record relates to multiple CVEs; the text explains which...

CVSS 6.5 | AI score 6.6 | EPSS 0.00242
Exploits: 0 | References: 3